staging-ibmalerting.bankofamerica.bofa.info

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 2 HTTP transactions. The main IP is 12.150.80.175, located in United States and belongs to INS-AS, US. The main domain is staging-ibmalerting.bankofamerica.bofa.info.
TLS certificate: Issued by Entrust Certification Authority - L1M on February 11th 2022. Valid for: a year.

This is the only time staging-ibmalerting.bankofamerica.bofa.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bank of America (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2 3	12.150.80.175 12.150.80.175	2386 (INS-AS) (INS-AS)
1	12.150.80.77 12.150.80.77	2386 (INS-AS) (INS-AS)
2	3

3 12.150.80.175 (United States) 2 redirects

ASN2386 (INS-AS, US)
PTR: canary.staging-attalerting.bankofamerica.bofa.mhas.ibm.com

staging-ibmalerting.bankofamerica.bofa.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 12.150.80.77 (United States)

ASN2386 (INS-AS, US)
PTR: canary.www.applyonlinenow.pok.bofa.mhas.ibm.com

www.applyonlinenow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	bofa.info 2 redirects staging-ibmalerting.bankofamerica.bofa.info	11 KB
1	applyonlinenow.com www.applyonlinenow.com — Cisco Umbrella Rank: 340796
2	2

	Domain	Requested by
3	staging-ibmalerting.bankofamerica.bofa.info	2 redirects
1	www.applyonlinenow.com	staging-ibmalerting.bankofamerica.bofa.info
2	2

This site contains links to these domains. Also see Links.

Domain
www.bankofamerica.com

Subject Issuer	Validity	Valid
staging-ibmalerting.bankofamerica.com Entrust Certification Authority - L1M	`2022-02-11` - `2023-02-11`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://staging-ibmalerting.bankofamerica.bofa.info/
Frame ID: EB9FA9CF70ED33A4E441C54179577F62
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

We apologize for any inconvenience.

Page URL History Show full URLs

http://staging-ibmalerting.bankofamerica.bofa.info/ HTTP 302
https://staging-ibmalerting.bankofamerica.bofa.info/ Page URL

Page Statistics

2
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

11 kB
Transfer

16 kB
Size

1
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.bankofamerica.com/security-center/privacy-overview/
Title: Privacy

Search URL Search Domain Scan URL

URL: https://www.bankofamerica.com/security-center/overview/
Title: Security

Search URL Search Domain Scan URL

URL: https://www.bankofamerica.com/help/equalhousing-popup/
Title: Equal Housing Lender

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://staging-ibmalerting.bankofamerica.bofa.info/ HTTP 302
https://staging-ibmalerting.bankofamerica.bofa.info/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://staging-ibmalerting.bankofamerica.bofa.info/us/connections/stylesheet.css HTTP 301
https://www.applyonlinenow.com/error.html

2 HTTP transactions
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.0	503 Service Unavailable	Primary Request / Show response staging-ibmalerting.bankofamerica.bofa.info/ Redirect Chain http://staging-ibmalerting.bankofamerica.bofa.info/ https://staging-ibmalerting.bankofamerica.bofa.info/	11 KB 11 KB	449ms 80ms	Document text/html	12.150.80.175 INS-AS
General Check archive.org Show headers Download Go to Full URL https://staging-ibmalerting.bankofamerica.bofa.info/ Protocol HTTP/1.0 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 12.150.80.175 , United States, ASN2386 (INS-AS, US), Reverse DNS canary.staging-attalerting.bankofamerica.bofa.mhas.ibm.com Software / Resource Hash `ab43d7fdb194facd09d879d0803923946fee08c4669b97dc35b421f80ccb8758` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 accept-language en-US,en;q=0.9 Response headers cache-control no-cache content-type text/html Redirect headers Connection Keep-Alive Content-Length 0 Location https://staging-ibmalerting.bankofamerica.bofa.info/ Server BigIP
GET H/1.1	200 OK	error.html www.applyonlinenow.com/ Redirect Chain https://staging-ibmalerting.bankofamerica.bofa.info/us/connections/stylesheet.css https://www.applyonlinenow.com/error.html	0 0	560ms 75ms	Stylesheet text/html	12.150.80.77 INS-AS
General Check archive.org Show headers Download Go to Full URL https://www.applyonlinenow.com/error.html Requested by Host: staging-ibmalerting.bankofamerica.bofa.info URL: https://staging-ibmalerting.bankofamerica.bofa.info/ Protocol HTTP/1.1 Server 12.150.80.77 , United States, ASN2386 (INS-AS, US), Reverse DNS canary.www.applyonlinenow.pok.bofa.mhas.ibm.com Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language en-US,en;q=0.9 Referer https://staging-ibmalerting.bankofamerica.bofa.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers Redirect headers location https://www.applyonlinenow.com/error.html date Sun, 11 Dec 2022 12:25:07 GMT strict-transport-security max-age=63072000; includeSubDomains; preload server Apache content-length 249 content-type text/html; charset=iso-8859-1
GET DATA	200 OK	truncated /	353 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `ef1e2c7f7966523d78b1c294052dfa4b2db256a21ead9fb711d187e0fd54be7a` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	3 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `7e6ce497138ce47d8ab66d70c46d245e1261d7f2d3f1db3556eec0ca1c82e2ec` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	1 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f346783e905302bcf196820509bf3168e566c4e29f797eedc6cd78c95f7d16b1` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers Content-Type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bank of America (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange object| d number| curr_year

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			staging-ibmalerting.bankofamerica.bofa.info/	1969-12-31 23:59:59	Name: SITE_ID Value: blue_web_1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://staging-ibmalerting.bankofamerica.bofa.info/ Message: Failed to load resource: the server responded with a status of 503 (Service Unavailable)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

staging-ibmalerting.bankofamerica.bofa.info
www.applyonlinenow.com
12.150.80.175
12.150.80.77
7e6ce497138ce47d8ab66d70c46d245e1261d7f2d3f1db3556eec0ca1c82e2ec
ab43d7fdb194facd09d879d0803923946fee08c4669b97dc35b421f80ccb8758
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1e2c7f7966523d78b1c294052dfa4b2db256a21ead9fb711d187e0fd54be7a
f346783e905302bcf196820509bf3168e566c4e29f797eedc6cd78c95f7d16b1

staging-ibmalerting.bankofamerica.bofa.info Open in urlscan Pro 12.150.80.175 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

2 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

11 kBTransfer

16 kBSize

1 Cookies

3 Outgoing links

Page URL History

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

staging-ibmalerting.bankofamerica.bofa.info Open in urlscan Pro
12.150.80.175 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

11 kB
Transfer

16 kB
Size

1
Cookies

2 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!